W3C home > Mailing lists > Public > public-grddl-comments@w3.org > January to March 2007

Re: (formal) comment on security considerations

From: Dan Connolly <connolly@w3.org>
Date: Tue, 13 Feb 2007 11:40:59 -0600
To: Jeremy Carroll <jjc@hpl.hp.com>
Cc: public-grddl-comments@w3.org, jena-devel <jena-devel@lists.sourceforge.net>
Message-Id: <1171388459.7497.1051.camel@dirk>

On Tue, 2007-02-13 at 17:21 +0000, Jeremy Carroll wrote:
[...]
> A better approach would be, in the words quoted in your spec, to:
> [[
> [use] the discussion of the "application/postscript" type [...] as a 
> model for considering other [...] remote execution capabilities.
> ]]
> 
> as an appendix to this comment, I attempt precisely that, and offer that 
> as a first draft of text that would address this comment.

Thanks for the detailed suggestion; I'd start pasting it in, but
it conflicts with a WG decision, so I'll need to get the WG in the loop.

> I note that the text from RFC 2046 appears to have normative force, but 
> "should" and "may" have their usual English meanings, rather than the 
> precise definitions of RFC 2119. My preference is that advice to 
> implementers concerning security should be normative.

The WG decided not to have any conformance labels.
http://www.w3.org/2004/01/rdxh/spec#issue-conformance-labels

For example, your suggested text uses "GRDDL processor"
where the editors have agreed on "GRDDL-aware agent"
 http://www.w3.org/TR/grddl-scenarios/#GRDDLAwareAgent
and the WG has agreed not to use it as a conformance label.

This looks like sufficient new information to re-consider
that decision, to me.


-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
Received on Tuesday, 13 February 2007 17:41:09 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:55:02 UTC